
Azure policy to require specific tags on resources

Azure Policy helps you govern your Azure environment and enforce best practices. A useful policy for most setups is one that requires a set of tags on resources, so the infrastructure stays organized and the owner of every resource is traceable.

Tag resources, resource groups, and subscriptions for logical organization – Azure Resource Manager | Microsoft Learn

First create the policy definition: search for Policy in the Azure portal, select Definitions, then Add policy definition.

In this scenario we require specific tags at resource creation. The rule uses the anyOf keyword: if any one of the listed tags is missing (exists is false), the condition is true and the effect is deny, so the request is rejected. The tags I require are: created-by, Team, Application, TBD. All of them must be present in the create or update request. Tag names must match exactly; the policy does not recognise variations of the word, so createdBy is not the same as created-by. Two details worth knowing: the mode Indexed means the rule is only evaluated for resource types that support tags and location, and deny only blocks new create or update requests, while resources that already exist without the tags are merely reported as non-compliant.

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "field": "[concat('tags[', parameters('tag_createdBy'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tag_team'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tag_tbd'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tag_application'), ']')]",
          "exists": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "tag_createdBy": {
      "type": "String",
      "metadata": {
        "displayName": "created-by",
        "description": "example: Gerasimos Alexiou"
      }
    },
    "tag_team": {
      "type": "String",
      "metadata": {
        "displayName": "Team",
        "description": "example: DevOps"
      }
    },
    "tag_tbd": {
      "type": "String",
      "metadata": {
        "displayName": "TBD",
        "description": "example: (to be deleted) true or false"
      }
    },
    "tag_application": {
      "type": "String",
      "metadata": {
        "displayName": "Application",
        "description": "example: Grafana,Teamcity"
      }
    }
  }
}

After creating the definition, assign it to a scope: a management group, a subscription, or a resource group. In the Parameters step of the assignment you provide the value for each policy parameter; each value is the tag name the policy will look for. For simplicity I used the same values as the parameter display names, so the assignment asks for created-by, Team, TBD and Application.

We can test the behaviour by creating a new resource with missing tags.

When the TBD tag is missing, validation fails and the deployment cannot start until the tag is added.

After providing all the tags, validation passes and the deployment succeeds.
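Before assigning a deny policy it is worth confirming on paper which requests it will reject. The following is an added example, not code from the original post or from Azure: a small local model of the anyOf / tags[...] / exists rule above, including the way the field expression resolves an assignment parameter to a tag name. Only the constructs this policy uses are modelled; mode Indexed and the rest of Azure Policy are not. The resource tag sets at the bottom are constructed to match the walk-through (a resource missing TBD, a complete one, and one spelled createdBy instead of created-by).

```python
"""Local check of the tag-requirement rule before assigning it.

Added example; it is not code from the original post or from Azure. It models
only the constructs this policy uses (anyOf, a tags[...] field, exists) and
the way the field expression resolves an assignment parameter to a tag name,
so you can confirm which resources the assignment would deny. It does not
model mode "Indexed" (which limits evaluation to resource types that support
tags and location) or any other Azure Policy feature.
"""
import re

REQUIRED_TAG_PARAMETERS = ["tag_createdBy", "tag_team", "tag_tbd", "tag_application"]

# The rule from the post, rebuilt without the display metadata of the parameters.
POLICY = {
    "mode": "Indexed",
    "policyRule": {
        "if": {"anyOf": [
            {"field": f"[concat('tags[', parameters('{p}'), ']')]", "exists": "false"}
            for p in REQUIRED_TAG_PARAMETERS
        ]},
        "then": {"effect": "deny"},
    },
    "parameters": {p: {"type": "String"} for p in REQUIRED_TAG_PARAMETERS},
}

# Values entered at assignment time: each one is the tag NAME the rule looks for.
ASSIGNMENT_PARAMETERS = {
    "tag_createdBy": "created-by",
    "tag_team": "Team",
    "tag_tbd": "TBD",
    "tag_application": "Application",
}

_TAG_FIELD = re.compile(r"^\[concat\('tags\[', parameters\('([^']+)'\), '\]'\)\]$")


def resolve_tag_name(field_expr, params):
    """Turn [concat('tags[', parameters('x'), ']')] into the tag name bound to parameter x."""
    m = _TAG_FIELD.match(field_expr)
    if not m:
        raise ValueError(f"unsupported field expression: {field_expr}")
    return params[m.group(1)]


def tag_exists(resource_tags, tag_name):
    # ARM treats tag names case-insensitively (tag values are case-sensitive), so
    # 'team' and 'Team' are the same tag, while 'createdBy' and 'created-by' are not.
    return tag_name.lower() in {k.lower() for k in resource_tags}


def condition_matches(cond, resource_tags, params):
    """Evaluate the 'if' block; supports anyOf, allOf and {field, exists} only."""
    if "anyOf" in cond:
        return any(condition_matches(c, resource_tags, params) for c in cond["anyOf"])
    if "allOf" in cond:
        return all(condition_matches(c, resource_tags, params) for c in cond["allOf"])
    if "field" in cond and "exists" in cond:
        wants_present = str(cond["exists"]).lower() == "true"
        return tag_exists(resource_tags, resolve_tag_name(cond["field"], params)) == wants_present
    raise ValueError(f"unsupported condition: {cond}")


def evaluate_effect(policy, resource_tags, params):
    """Return the effect that applies ('deny') or None when the request is compliant."""
    rule = policy["policyRule"]
    if condition_matches(rule["if"], resource_tags, params):
        return rule["then"]["effect"].lower()
    return None


def missing_tags(policy, resource_tags, params):
    """The required tag names absent from the resource, i.e. what the user has to add."""
    required = [resolve_tag_name(c["field"], params) for c in policy["policyRule"]["if"]["anyOf"]]
    return [t for t in required if not tag_exists(resource_tags, t)]


# Constructed resource tag sets matching the walk-through in the post.
MISSING_TBD = {"created-by": "Gerasimos Alexiou", "Team": "DevOps", "Application": "Grafana"}
COMPLETE = dict(MISSING_TBD, TBD="false")
WRONG_SPELLING = {"createdBy": "Gerasimos Alexiou", "Team": "DevOps", "TBD": "false", "Application": "Grafana"}

if __name__ == "__main__":
    for label, tags in [("missing TBD", MISSING_TBD), ("complete", COMPLETE), ("createdBy", WRONG_SPELLING)]:
        print(label, evaluate_effect(POLICY, tags, ASSIGNMENT_PARAMETERS),
              missing_tags(POLICY, tags, ASSIGNMENT_PARAMETERS))
```

The useful output for an operator is missing_tags rather than the bare deny: it lists exactly the tag names the request must carry, which is what you would put in the failed-deployment message for the team that hit the policy.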


Monitoring Windows service on Azure with Event Viewer and Log Analytics

A Log Analytics workspace is a unique environment for log data from Azure Monitor and other Azure services, such as Microsoft Sentinel and Microsoft Defender for Cloud. Apart from that, it can also be used for monitoring in combination with Azure alerts, provided you write the appropriate query.

The query below monitors a Windows service by querying Log Analytics. In more detail, it searches the System log for EventID 7036 from the Service Control Manager, which records that a service entered a new state (running or stopped), and then keeps only the stopped events. The Event table is only populated if collection of the System event log is enabled for the machine (for example through the Azure Monitor agent's data collection rule), so check that first if the query returns nothing.

The Kusto query returns the computer, the service name, its state and the time of the event.

Event
| where TimeGenerated > ago(1h)
| where EventLog == "System" and EventID == 7036 and Source == "Service Control Manager"
| parse kind=relaxed EventData with * '<Data Name="param1">' Windows_Service_Name '</Data><Data Name="param2">' Windows_Service_State '</Data>' *
| where Windows_Service_Name startswith "Docker Desktop" and Windows_Service_State contains "stopped"
| project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated
| sort by TimeGenerated desc

You can use the query above to create an Azure alert (a log search alert rule) that fires when a service is found stopped. As I want to monitor the Docker Desktop service, its name goes in the where clause on Windows_Service_Name. The alert logic should fire when the query returns at least one row in the evaluation period (number of results greater than 0): a row is returned only when the stop event was captured in the event log, which means the service stopped inside the query's time window. The frequency of evaluation is how often the query is re-run; to look for a stopped service every 5 minutes, set it to 5 minutes. Keep the query's time window consistent with that frequency and the rule's aggregation granularity: with ago(1h) in the query and a 5-minute frequency, the same stop event is returned on every run for up to an hour and the rule keeps firing, unless you narrow the window or make the rule stateful.
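To see what the query actually matches, and to cover a case the query alone does not (a service that stopped and was restarted within the window still produces a stop row), here is the same detection logic run on sample rows. This is an added example, not code from the original post: it applies the extraction the KQL parse does to the EventData column and the same filters, then adds a latest-state-per-service view. The rows are constructed to mirror the shape of the Event table, and the EventData fragments are simplified to the two Data elements the parse pattern needs.

```python
"""The detection logic of the Log Analytics query, run on sample rows.

Added example, not from the original post: it applies the same extraction the
KQL parse does to the EventData column and the same filters (System log,
EventID 7036, Service Control Manager, time window, service-name prefix,
state contains "stopped"), then adds a view the query alone does not give:
the latest state per service, so a service that stopped and was restarted
inside the window is not reported as down. Rows are constructed to mirror the
shape of the Event table; the EventData fragments are simplified to the two
Data elements the parse pattern needs.
"""
import re
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # fixed "now" for the sample
WINDOW = timedelta(hours=1)                               # the query's ago(1h)
SCM_7036 = ("System", 7036, "Service Control Manager")
PARAM_RE = re.compile(r'<Data Name="param1">(.*?)</Data><Data Name="param2">(.*?)</Data>')


def event_data(service, state):
    """Constructed EventData fragment for a 7036 event (real rows carry more elements around it)."""
    return (f'<EventData><Data Name="param1">{service}</Data>'
            f'<Data Name="param2">{state}</Data></EventData>')


def row(computer, minutes_ago, service, state):
    return {"Computer": computer, "TimeGenerated": NOW - timedelta(minutes=minutes_ago),
            "EventLog": "System", "EventID": 7036, "Source": "Service Control Manager",
            "EventData": event_data(service, state)}


# Constructed sample of the Event table: HOST1's Docker service stopped and came back,
# HOST2's is still down, a Print Spooler event the prefix filter must skip, and an old event.
SAMPLE_ROWS = [
    row("HOST1", 10, "Docker Desktop Service", "stopped"),
    row("HOST1", 8, "Docker Desktop Service", "running"),
    row("HOST2", 3, "Docker Desktop Service", "stopped"),
    row("HOST2", 2, "Print Spooler", "stopped"),
    row("HOST1", 90, "Docker Desktop Service", "stopped"),
]


def parse_service_event(event_data_xml):
    """Same extraction as the KQL parse: returns (service name, state) or None."""
    m = PARAM_RE.search(event_data_xml)
    return (m.group(1), m.group(2)) if m else None


def scm_events(rows, name_prefix, window=WINDOW, now=NOW):
    """Rows that pass the query's where clauses, yielded with the parsed name and state.

    KQL startswith and contains are case-insensitive, so the comparisons fold case here too.
    """
    prefix = name_prefix.lower()
    for r in rows:
        if (r["EventLog"], r["EventID"], r["Source"]) != SCM_7036 or r["TimeGenerated"] <= now - window:
            continue
        parsed = parse_service_event(r["EventData"])
        if parsed and parsed[0].lower().startswith(prefix):
            yield r, parsed[0], parsed[1]


def stopped_services(rows, name_prefix, window=WINDOW, now=NOW):
    """What the query returns: (Computer, service, state, TimeGenerated), newest first."""
    hits = [(r["Computer"], name, state, r["TimeGenerated"])
            for r, name, state in scm_events(rows, name_prefix, window, now)
            if "stopped" in state.lower()]
    return sorted(hits, key=lambda h: h[3], reverse=True)


def currently_stopped(rows, name_prefix, window=WINDOW, now=NOW):
    """(Computer, service) pairs whose most recent 7036 event in the window is a stop."""
    latest = {}
    events = sorted(scm_events(rows, name_prefix, window, now), key=lambda t: t[0]["TimeGenerated"])
    for r, name, state in events:
        latest[(r["Computer"], name)] = state
    return sorted(k for k, s in latest.items() if "stopped" in s.lower())


if __name__ == "__main__":
    for hit in stopped_services(SAMPLE_ROWS, "Docker Desktop"):
        print("stop event:", hit)
    print("still stopped:", currently_stopped(SAMPLE_ROWS, "Docker Desktop"))
```

With the sample rows, stopped_services reproduces the two rows the alert would see (HOST2 and HOST1), while currently_stopped reports only HOST2, because HOST1's later 7036 event says the service is running again. If that distinction matters for your alert, the KQL equivalent is to summarize arg_max(TimeGenerated, *) by Computer and service name and filter on the resulting state.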

Finally the alert fires and notifies you of the stopped Windows service.